CLI client for querying MISP expansion modules
Project description
misp-modules-cli
misp-modules-cli is a lightweight command-line client for querying MISP expansion modules from a local or remote misp-modules service.
It can:
- Auto-detect likely MISP attribute types from a raw value.
- Query matching expansion modules.
- Restrict queries to one or more specific modules.
- List supported input types from live module introspection.
- Store per-module configuration (API keys, usernames, etc.) in a local config file.
Requirements
- Python 3.10+ (recommended)
misp-modulesrunning and reachable (default:http://127.0.0.1:6666)- Python dependency:
requests
Install dependencies:
python3 -m pip install -r requirements.txt
Optional development/build tooling:
python3 -m pip install -r requirements-dev.txt
Install as a package (editable mode):
python3 -m pip install -e .
After installation, you can use the console command directly:
misp-modules-cli --help
Quick start
1) List supported input types
python3 bin/cli.py --list-supported-types
python3 bin/cli.py --list-supported-types --verbose-types
2) Query with automatic type guessing
python3 bin/cli.py --value 8.8.8.8 --show-guesses
python3 bin/cli.py --value CVE-2024-3094 --show-guesses
3) Query with an explicit MISP type
python3 bin/cli.py --type domain --value circl.lu
4) Restrict to selected modules
python3 bin/cli.py --type domain --value circl.lu --module circl_passivedns
python3 bin/cli.py --type domain --value circl.lu --module circl_passivedns,dns
python3 bin/cli.py --type domain --value circl.lu --module circl_passivedns --module dns
5) Emit unified JSON output from all queried modules
python3 bin/cli.py --value 8.8.8.8 --unified-output
python3 bin/cli.py --type domain --value circl.lu --module circl_passivedns,dns --unified-output
6) Emit markdown report output with summary + full query details
# Print markdown report to stdout
python3 bin/cli.py --value 8.8.8.8 --markdown-output
# Write markdown report to a file
python3 bin/cli.py --type domain --value circl.lu --markdown-output report.md
Module configuration
Some modules require settings (for example credentials or API keys). You can store these once in a local config file.
Interactive configuration
python3 bin/cli.py --configure-module circl_passivedns
Non-interactive configuration
python3 bin/cli.py --configure-module circl_passivedns \
--set username=my-user \
--set password=my-pass
Config file location
Default path:
~/.config/misp-modules-cli/config.json
Override it per run:
python3 bin/cli.py --config-file /path/to/config.json ...
Useful options
--url– base URL ofmisp-modulesservice.--describe-types-url– URL to MISPdescribeTypes.json.--show-guesses– show guessed attribute types.--all-guesses– query all guessed types (instead of only the best match).--raw– print raw JSON responses.--show-empty-results– include empty module responses in output (hidden by default).--unified-output– print one merged JSON object containing all module query results.--markdown-output [PATH]– print a markdown report (or write it toPATH) with summary, query timestamps, query parameters, and responses.--module– limit queries to specific module name(s).--cache-file– cache file path for module responses.--cache-ttl-seconds– cache TTL in seconds (default:43200, i.e. 12 hours).--purge-cache– delete the local cache file and exit.
Response cache
To reduce API calls and improve response times, module query responses are cached locally by default.
- Default cache file:
~/.cache/misp-modules-cli/cache.json
- Default TTL: 12 hours (
43200seconds)
You can override the cache TTL per run:
python3 bin/cli.py --value 8.8.8.8 --cache-ttl-seconds 3600
Purge the local cache:
python3 bin/cli.py --purge-cache
See all CLI options:
python3 bin/cli.py --help
Exit behavior
- Returns non-zero when required input is missing or API/introspection cannot be fetched.
- Prints errors and diagnostic information to stderr.
License
This project is licensed under the GNU Affero General Public License v3.0 or later (AGPL-3.0-or-later). See LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file misp_modules_cli-0.1.0.tar.gz.
File metadata
- Download URL: misp_modules_cli-0.1.0.tar.gz
- Upload date:
- Size: 13.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c0d9158cec8e69bc8fd9161e7283cc362fbef3e4e6d039261119d7a92b3e5368
|
|
| MD5 |
7d70cb96b015d4e54a0d0e1203233c07
|
|
| BLAKE2b-256 |
c2a1de75fbf4022fe8c8b918577378bc65115f96c630fcd549eca17eb4acde37
|
Provenance
The following attestation bundles were made for misp_modules_cli-0.1.0.tar.gz:
Publisher:
pypi-publish.yml on MISP/misp-modules-cli
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
misp_modules_cli-0.1.0.tar.gz -
Subject digest:
c0d9158cec8e69bc8fd9161e7283cc362fbef3e4e6d039261119d7a92b3e5368 - Sigstore transparency entry: 1629840735
- Sigstore integration time:
-
Permalink:
MISP/misp-modules-cli@b221d7d909ac7ef5fc520f95a0daf96d6d4b010c -
Branch / Tag:
refs/tags/v1.1 - Owner: https://github.com/MISP
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@b221d7d909ac7ef5fc520f95a0daf96d6d4b010c -
Trigger Event:
release
-
Statement type:
File details
Details for the file misp_modules_cli-0.1.0-py3-none-any.whl.
File metadata
- Download URL: misp_modules_cli-0.1.0-py3-none-any.whl
- Upload date:
- Size: 13.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b49c527b2038514bd224d02c67ec391769ef4db41dc066275c026d7ad964fa16
|
|
| MD5 |
fb40bae66c108d448a2bf45fd8f2ad4e
|
|
| BLAKE2b-256 |
322bc41989aed4f0a4e2e3a82aeb91907eb83391fc2f3815f49db26edb47611c
|
Provenance
The following attestation bundles were made for misp_modules_cli-0.1.0-py3-none-any.whl:
Publisher:
pypi-publish.yml on MISP/misp-modules-cli
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
misp_modules_cli-0.1.0-py3-none-any.whl -
Subject digest:
b49c527b2038514bd224d02c67ec391769ef4db41dc066275c026d7ad964fa16 - Sigstore transparency entry: 1629840769
- Sigstore integration time:
-
Permalink:
MISP/misp-modules-cli@b221d7d909ac7ef5fc520f95a0daf96d6d4b010c -
Branch / Tag:
refs/tags/v1.1 - Owner: https://github.com/MISP
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@b221d7d909ac7ef5fc520f95a0daf96d6d4b010c -
Trigger Event:
release
-
Statement type: